free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter
Impact This is an Improper Input Validation vulnerability leading to Denial of Service. Security Impact: A remote attacker can cause the NRF service to panic and crash by sending a crafted HTTP GET request with a malformed group-id-list parameter. This results in complete denial of service for the NRF discovery service. Functional Impact: The EncodeGroupId function attempts to access array indices [0], [1], [2] without validating the length of the …